SB2016071915 - Spoofing attack in Apple Safari
Published: July 19, 2016 Updated: November 22, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Spoofing attack (CVE-ID: CVE-2016-4590)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a spoofing attacks.
The vulnerability exists due to a flaw in the parsing of 'about:' URL. A remote unauthenticated attacker can create a specially crafted web site to exploit this vulnerability and spoof user interface elements.
Successful exploitation of this vulnerability may result in disclosure of user information.
Remediation
Install update from vendor's website.